With the rise of malware and ransomware attacks on the UK education sector, we at JSPC want to make sure you’re armed with the knowledge to help shield your school.
Here, with the help of the National Cyber Security Centre (NCSC), we’ll define the cyber-attacks and highlight how malware and ransomware could impact you. We’ll also offer some top tips on how, together, we can keep your systems and data safe.
What’s malware and ransomware?
According to the NCSC, malware is malicious software that can damage in myriad ways, such as:
• Causing a device to become locked or unusable
• Stealing, deleting or encrypting data
• Taking control of your devices to attack other organisations
• Obtaining credentials that allow access to your organisation's systems or services
• 'Mining' cryptocurrency
• Using services that may cost you money (e.g. premium rate phone calls)
The UK advice and support centre for cyber security, continues:
“Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.
“Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. They will typically use an anonymous email address (for example ProtonMail) to make contact and will request payment in the form of a crypto currency.
“More recently, there has been a trend for cyber criminals to also threaten to release sensitive data stolen from the network during the attack, if the ransom is not paid. There are many high-profile cases where the cyber criminals have followed through with their threats by releasing sensitive data to the public, often via ‘name and shame’ websites on the darknet.”
Cyber criminals could gain access to your school’s network through several routes, including:
• Remote access systems – Remote Desktop Gateway and Virtual Private Networks (VPNs)
• Phishing and Vhishing – Emails, texts and phone calls
• Vulnerable software or hardware – Unpatched or unsecure devices
How does malware and ransomware affect schools?
The NCSC has responded to an increase in ransomware attacks on the education sector – including schools, colleges, and universities – by cyber criminals with a series of alerts.
According to Schools Week, all of Cambridge Meridian Academies Trust’s (CMAT) 17 schools were hit by ransomware in March 2021. During the attacks, those institutions targeted lost financial records and students’ coursework as well as Covid-19 testing data. In the same month, 24 schools across South Gloucestershire suffered the consequences of a “highly sophisticated ransomware attack”.
Then, over the summer holidays, six schools in the Isle of Wight were targeted with ransomware. This not only lead to the exposure of untold sensitive data but the fallout also delayed the start of term. When they learnt from their service provider that the attack prompted the encryption of all stored data, the schools underwent a painstaking process to recreate what they’d lost.
What can your school do to defend a malware or ransomware cyber-attack?
When so many schools were hit this time last year, the Department for Education (DfE) advised school leaders it’s, “vital that you urgently review your existing defences and take the necessary steps to protect your networks from cyber-attacks”.
And the DfE supported the NCSC recommendation that schools shouldn’t pay ransom demands as payment won’t fix the problem and will instead “likely result in repeat incidents to educational settings”.
There’s no way to guarantee 100% protection for your school against malware infection but a “defence-in-depth” approach will provide more opportunities to detect malware and stop it before it causes too much harm.
As well as making sure your school’s cyber security defences are optimum, your IT service provider should work with you to:
1. Make regular backups
• Back up your most important files regularly and consistently
• Back up data offline to a secure, trusted facility
• Regularly test their data restore services to mitigate loss
2. Prevent malware from being delivered and spreading to devices
• Only allow file types you’d expect
• Block malicious websites
• Patch vulnerabilities in remote access devices immediately
3. Prevent malware from running on devices
• Centrally manage devices so only trusted applications can run
• Provide cyber security education and awareness training to your people
• Install security updates as soon as they’re available to fix exploitable bugs
4. Prepare for an incident
• Identify your critical assets and establish impact if they were affected by malware
• Create an internal and external communication strategy
• Know what processes need to be followed to restore servers and files from your backup solution
Read the NCSC’s four actions in more detail as part of their Mitigating Malware and Ransomware Attacks guidance.
We at JSPC, as the West Sussex school IT support experts, are here to help you prevent and prepare for malware and ransomware attacks. And as Chris Groves, our Head of Technology who will be familiar from his cyber security portal bulletins, says:
“With a comprehensive managed backup solution that can protect your entire digital estate – as well as cutting-edge endpoint protection that secures your computers, tablets and servers – we have the tools available to help provide you with the ‘defence-in-depth’ approach recommended by the DfE.”
So, if you’d like to know about these solutions, or need any more cyber security advice or support, please get in touch.